Affiliate
Started by Bl4ck-Vip3r, Mar 12 2007 05:19 PM
5 replies to this topic
#1
Posted 12 March 2007 - 05:19 PM
I have an affiliate program and it uses an active system where it allows users to submit their affiliate for approval, and I have to approve it and change the active field from '0' to '1', but as of yet it does not have a PHP page to do this; I have to go into phpMyAdmin. So I'm about to create it and wondered whether it would just be a case of:
SELECT * FROM affiliates WHERE active = 0 ORDER BY id DESC
then have a link next to each record returned.
?action=update&Id=2
UPDATE affiliates SET active = 1 WHERE id = $id
#2
Posted 12 March 2007 - 05:44 PM
Ya, why not. But you should really patch that up, since it should be an admin action only.
#3
Posted 12 March 2007 - 06:19 PM
Here is the code so far. It shows me the validated affiliates and unvalidated ones, and gives me the option to validate an unvalidated one and delete a validated one. The validate bit works fine but it won't let me delete it :s Why is this?
Just in case you're wondering about the comments, they are bits off other parts of the affiliate script I just copied and edited to save time
lol
<?php
include "connect.php";
echo "<b> Unvalidated Affiliates</b>";
$show = mysql_query("SELECT * FROM `affiliates` WHERE `active` = '0' ORDER BY `id` DESC");
while ($r = mysql_fetch_assoc($show))
{
    // get affiliate info
    $name = $r['name'];
    $in = $r['in'];
    $out = $r['out'];
    $img = $r['banner'];
    echo "
    <table>
    <tr>
    <td> $name</td>
    <td> <img src = '$img' width ='88' height = '31' style='border: 0px; margin: 1px;' /> </td>
    <td> <a href='Edit_Affiliate.php?mode=Active&id=$r[id]'>[A] </a> </td>
    </tr>
    </table>
    ";
}
echo "<hr width = '100%' /> <BR />
<b>Validated Affiliates</b>";
$show = mysql_query("SELECT * FROM `affiliates` WHERE `active` = '1' ORDER BY `id` DESC");
while ($r = mysql_fetch_assoc($show))
{
    // get affiliate info
    $name = $r['name'];
    $in = $r['in'];
    $out = $r['out'];
    $img = $r['banner'];
    echo "
    <table>
    <tr>
    <td> $name</td>
    <td> <img src = '$img' width ='88' height = '31' style='border: 0px; margin: 1px;' /> </td>
    <td> <a href='Edit_Affiliate.php?mode=Delete&id=$r[id]'>[X] </a> </td>
    </tr>
    </table>
    ";
}
// get the mode
$mode = isset($_GET['mode']) ? $_GET['mode'] : '';
// a switch is like a series of ifs and elses, but in less space, and more efficient
switch ($mode) {
    case "Active":
        // for incoming hits, log and redirect to site index
        // get id, and protect it
        $id = htmlspecialchars($_GET['id']);
        // check db
        $get = mysql_fetch_assoc(mysql_query("SELECT * FROM `affiliates` WHERE `id` = '$id' LIMIT 1"));
        // increment hits
        $insert = mysql_query("UPDATE `affiliates` SET `active` = '1' WHERE `id` = '$id'");
        echo "Affiliate Is now active.";
        break;
    case "Delete":
        // for incoming hits, log and redirect to site index
        // get id, and protect it
        $id = htmlspecialchars($_GET['id']);
        // check db
        $get = mysql_fetch_assoc(mysql_query("SELECT * FROM `affiliates` WHERE `id` = '$id' LIMIT 1"));
        // increment hits
        $insert = mysql_query("DELETE FROM `affiliates` WHERE 'id' = '$id' ");
        echo "Affiliate Deleted.";
        break;
}
?>
Edited by Bl4ck-Vip3r, 12 March 2007 - 06:26 PM.
#4
Posted 12 March 2007 - 09:25 PM
Absolutely no point in selecting something and not doing anything with it. Plus you should be using mysql_error() to ensure all queries are going off fine.
Also there is no reason to store a query in a variable if you aren't going to do anything with it.
And then, I notice you are using the wrong quotes man... ticks (`) indicate a column/table/database, single quotes (') indicate a string.
case "Delete":
    $id = htmlspecialchars($_GET['id']);
    mysql_query("DELETE FROM `affiliates` WHERE `id` = '$id'") or die(mysql_error());
    echo "Affiliate Deleted.";
    break;
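Why the original DELETE reported no error yet removed nothing, as an added example that is not code from this thread: in SQL, 'id' in single quotes is a string literal, so WHERE 'id' = '2' compares the text "id" with "2" and matches no row, and a DELETE that matches zero rows is not an error. The example runs against an in-memory SQLite table with constructed sample rows (the `affiliates` columns below are assumed), so it needs no MySQL server; the quoting rule is the same in MySQL. It also turns on PDO exceptions, which is the PDO counterpart of checking mysql_error() after every query.

```php
<?php
// Added example (not from the thread): a silent zero-row DELETE caused by quoting the
// column name as a string literal, compared with the corrected query.

function seedAffiliates(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Surface every query failure as an exception instead of a silent false return
    // (the PDO equivalent of checking mysql_error() after each mysql_query call).
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample table and rows; column names are an assumption.
    $db->exec('CREATE TABLE affiliates (id INTEGER PRIMARY KEY, name TEXT, active INTEGER)');
    $db->exec("INSERT INTO affiliates VALUES (1, 'Alice', 1), (2, 'Bob', 1)");
    return $db;
}

// Mirrors the broken query from the thread: 'id' is a string literal, not the column,
// so the WHERE clause is never true and no row is ever deleted. No error is raised.
function deleteWithQuotedColumn(PDO $db, int $id): int
{
    $stmt = $db->prepare("DELETE FROM affiliates WHERE 'id' = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();   // number of rows actually removed
}

// Corrected query: bare column name, value bound as a parameter rather than interpolated.
function deleteById(PDO $db, int $id): int
{
    $stmt = $db->prepare('DELETE FROM affiliates WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

function countAffiliates(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM affiliates')->fetchColumn();
}

$db = seedAffiliates();
// Arguments are evaluated left to right, so each count is taken after its delete.
printf("quoted column: %d row(s) deleted, %d remain\n", deleteWithQuotedColumn($db, 2), countAffiliates($db));
printf("bare column:   %d row(s) deleted, %d remain\n", deleteById($db, 2), countAffiliates($db));
```

The check a practitioner wants after any UPDATE or DELETE is the affected-row count, not just the absence of an error: a query can be syntactically valid, run without complaint and still do nothing.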
#5
Posted 13 March 2007 - 05:05 AM
Thanks a lot demon
#6
Posted 13 March 2007 - 07:20 AM
Just a little security issue, with the ID you are using to delete:
$id = ( ( is_numeric( $_GET['id'] ) && $_GET['id'] > 0 ) ? mysql_real_escape_string( htmlspecialchars( $_GET['id'] ) ) : 0;
That will simply check for an ID that is a numerical value and is bigger than 0, and providing it passes that it will escape any quotes (stop SQL injection) and convert any HTML to their chars.
Matt
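A hardened version of the Edit_Affiliate.php action handler, as an added example that is not code from this thread or from its poster. It goes a little beyond the thread: it takes the "positive integer only" rule from the reply above, the "admin action only" point from reply #2, and additionally accepts state changes only over POST with a CSRF token, because the original design changes data from a plain GET link that any page could embed. Assumed, not from the thread: the `$_SESSION['is_admin']` and `$_SESSION['csrf']` keys, the POST field names `mode`, `id` and `csrf`, and the `affiliates` columns. It uses PDO prepared statements in place of the old mysql_* API, so the id is never interpolated into SQL at all; the self-check at the bottom runs against an in-memory SQLite table with constructed rows.

```php
<?php
// Added example (not from the thread): hardened affiliate activate/delete handler.
// Assumptions: session keys is_admin and csrf, POST fields mode/id/csrf, columns id/name/active.

// Accept only a positive integer id; anything else (text, injection attempts, 0) yields null.
function validateAffiliateId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Mark an affiliate active. Returns the number of rows changed (0 means no such id).
function setAffiliateActive(PDO $db, int $id): int
{
    $stmt = $db->prepare('UPDATE affiliates SET active = 1 WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

// Delete an affiliate. `id` is the bare column name; 'id' would be a string literal.
function deleteAffiliate(PDO $db, int $id): int
{
    $stmt = $db->prepare('DELETE FROM affiliates WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

// Request handler: state changes need an admin session, a POST request and a valid
// CSRF token, so a crafted link or image tag cannot trigger them on an admin's behalf.
function handleEditAffiliate(PDO $db, array $server, array $post, array $session): string
{
    if (empty($session['is_admin'])) {
        return '403 admin only';
    }
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return '405 use POST';
    }
    $token = $post['csrf'] ?? '';
    if (!is_string($token) || !isset($session['csrf']) || !hash_equals($session['csrf'], $token)) {
        return '403 bad csrf token';
    }
    $id = validateAffiliateId($post['id'] ?? null);
    if ($id === null) {
        return '400 invalid id';
    }
    switch ($post['mode'] ?? '') {
        case 'Active':
            return setAffiliateActive($db, $id) ? 'Affiliate is now active.' : 'No such affiliate.';
        case 'Delete':
            return deleteAffiliate($db, $id) ? 'Affiliate deleted.' : 'No such affiliate.';
        default:
            return '400 unknown mode';
    }
}

// Self-check with constructed data when run from the command line (php this_file.php).
// In the real page, pass $_SERVER, $_POST and $_SESSION and a PDO connection to MySQL.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE affiliates (id INTEGER PRIMARY KEY, name TEXT, active INTEGER)');
    $db->exec("INSERT INTO affiliates VALUES (1, 'Alice', 0), (2, 'Bob', 1)");

    $session = ['is_admin' => true, 'csrf' => bin2hex(random_bytes(16))];
    $server  = ['REQUEST_METHOD' => 'POST'];
    $post    = ['mode' => 'Active', 'id' => '1', 'csrf' => $session['csrf']];

    // Legitimate admin action.
    echo handleEditAffiliate($db, $server, $post, $session), "\n";
    // Non-integer id is rejected before any query runs.
    echo handleEditAffiliate($db, $server, ['mode' => 'Delete', 'id' => '1 OR 1=1', 'csrf' => $session['csrf']], $session), "\n";
    // GET request is refused even with a valid token.
    echo handleEditAffiliate($db, ['REQUEST_METHOD' => 'GET'], $post, $session), "\n";
    // Non-admin session is refused.
    echo handleEditAffiliate($db, $server, $post, ['is_admin' => false]), "\n";
    // Both rows should still be present after the refused requests.
    echo $db->query('SELECT COUNT(*) FROM affiliates')->fetchColumn(), " row(s) remain\n";
}
```

The ordering of the checks is deliberate: authorization first, then request method, then the CSRF token, then input validation, so an unauthenticated caller learns nothing about which ids exist. The listing page would then render each [A] / [X] control as a small POST form carrying the token rather than as a bare link.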